1{"malware":[],"sha256":"sha256:89c5a7eecd2dbde1237aa128f987c4434e43cbeae203c16693a06e66c3d39554","os":"LINUX_AMAZON","risk_score":10,"findings":[{"nvdFinding":{"cve":"CVE-2014-8117","description":"softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.","published_date":"2014-12-17T19:59:00Z","modified_date":"2018-01-05T02:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://advisories.mageia.org/MGASA-2015-0040.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://seclists.org/oss-sec/2014/q4/1056","http://secunia.com/advisories/61944","http://secunia.com/advisories/62081","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/71692","http://www.securitytracker.com/id/1031344","http://www.ubuntu.com/usn/USN-2494-1","http://www.ubuntu.com/usn/USN-2535-1","https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog","https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c","https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3487","description":"The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF 
file.","published_date":"2014-07-09T11:07:00Z","modified_date":"2016-11-28T19:11:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","http://marc.info/?l=bugtraq&m=141017844705317&w=2","http://mx.gw.com/pipermail/file/2014/001553.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59794","http://secunia.com/advisories/59831","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-2974","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/68120","https://bugs.php.net/bug.php?id=67413","https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-12290","description":"GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. 
By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.","published_date":"2019-10-22T16:15:00Z","modified_date":"2019-10-29T19:15:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"NONE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libidn2' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html","https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5","https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de","https://gitlab.com/libidn/libidn2/merge_requests/71","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/","https://security.gentoo.org/glsa/202003-63","https://usn.ubuntu.com/4168-1/"]},"packages":[{"name":"libidn2","version":"2.0.4","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-8905","description":"do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, 
related to file_printable, a different vulnerability than CVE-2018-10360.","published_date":"2019-02-18T17:29:00Z","modified_date":"2019-04-12T12:29:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html","http://www.securityfocus.com/bid/107137","https://bugs.astron.com/view.php?id=63","https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html","https://usn.ubuntu.com/3911-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-0237","description":"The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.","published_date":"2014-06-01T04:29:00Z","modified_date":"2017-01-07T02:59:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59061","http://secunia.com/advisories/59329","http://secunia.com/advisories/59418","http://secunia.com/advisories/60998","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/67759","http://www-01.ibm.com/support/docview.wss?uid=swg21683486","https://bugs.php.net/bug.php?id=67328","https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3564","description":"Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"different line lengths in a specific order.\"","published_date":"2014-10-20T17:55:00Z","modified_date":"2016-10-18T03:44:00Z","cvss_score":"6.8","cvss_vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update gpgme' to update your 
system.","references":["http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77","http://seclists.org/oss-sec/2014/q3/266","http://www.debian.org/security/2014/dsa-3005","http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","http://www.osvdb.org/109699","http://www.securityfocus.com/bid/68990","https://bugzilla.redhat.com/show_bug.cgi?id=1113267"]},"packages":[{"name":"gpgme","version":"1.3.2","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-10897","description":"A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. 
Version 1.1.31 and older are believed to be affected.","published_date":"2018-08-01T17:29:00Z","modified_date":"2018-11-30T21:33:00Z","cvss_score":"8.1","cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"HIGH","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update yum-utils' to update your system.","references":["http://www.securitytracker.com/id/1041594","https://access.redhat.com/errata/RHSA-2018:2284","https://access.redhat.com/errata/RHSA-2018:2285","https://access.redhat.com/errata/RHSA-2018:2626","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897","https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c","https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c","https://github.com/rpm-software-management/yum-utils/pull/43","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"]},"packages":[{"name":"yum-plugin-priorities","version":"1.1.31","type":"linux"},{"name":"yum-plugin-ovl","version":"1.1.31","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-3627","description":"The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.","published_date":"2016-05-17T14:08:00Z","modified_date":"2018-10-30T16:27:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://seclists.org/fulldisclosure/2016/May/10","http://www.openwall.com/lists/oss-security/2016/03/21/2","http://www.openwall.com/lists/oss-security/2016/03/21/3","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/84992","http://www.securitytracker.com/id/1035335","http://www.ubuntu.com/usn/USN-2994-1","https://access.redhat.com/errata/RHSA-2016:1292","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-5481","description":"Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.","published_date":"2019-09-16T19:15:00Z","modified_date":"2019-09-18T00:15:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update curl' to update your 
system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html","https://curl.haxx.se/docs/CVE-2019-5481.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/","https://seclists.org/bugtraq/2020/Feb/36","https://security.gentoo.org/glsa/202003-29","https://security.netapp.com/advisory/ntap-20191004-0003/","https://www.debian.org/security/2020/dsa-4633","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html"]},"packages":[{"name":"curl","version":"7.61.1","type":"linux"},{"name":"libcurl","version":"7.61.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-11729","description":"Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. 
This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.","published_date":"2019-07-23T14:15:00Z","modified_date":"2019-07-29T16:15:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update nss' to update your system.\n\nRun 'yum update nss-softokn' to update your system.\n\nRun 'yum update nss-util' to update your system.\n\nRun 'yum update nspr' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html","https://access.redhat.com/errata/RHSA-2019:1951","https://access.redhat.com/errata/RHSA-2019:4190","https://bugzilla.mozilla.org/show_bug.cgi?id=1515342","https://security.gentoo.org/glsa/201908-12","https://security.gentoo.org/glsa/201908-20","https://www.mozilla.org/security/advisories/mfsa2019-21/","https://www.mozilla.org/security/advisories/mfsa2019-22/","https://www.mozilla.org/security/advisories/mfsa2019-23/"]},"packages":[{"name":"nss-softokn","version":"3.44.0","type":"linux"},{"name":"nss","version":"3.44.0","type":"linux"},{"name":"nss-util","version":"3.44.0","type":"linux"},{"name":"nss-tools","version":"3.44.0","type":"linux"},{"name":"nss-softokn-freebl","version":"3.44.0","type":"linux"},{"name":"nspr","version":"4.21.0","type":"linux"},{"name":"nss-sysinit","version":"3.44.0","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2017-13090","description":"The retr.c:fd_read_body() function is called when processing OK responses. 
When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.","published_date":"2017-10-27T19:29:00Z","modified_date":"2017-12-30T02:29:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba","http://www.debian.org/security/2017/dsa-4008","http://www.securityfocus.com/bid/101590","http://www.securitytracker.com/id/1039661","https://access.redhat.com/errata/RHSA-2017:3075","https://security.gentoo.org/glsa/201711-06","https://www.synology.com/support/security/Synology_SA_17_62_Wget","https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2017-1000249","description":"An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. 
This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).","published_date":"2017-09-11T19:29:00Z","modified_date":"2017-11-08T02:29:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","access_vector":"LOCAL","access_complexity":"LOW","auth":"SINGLE","availability_impact":"NONE","confidentiality_impact":"NONE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://www.debian.org/security/2017/dsa-3965","https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793","https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d","https://security.gentoo.org/glsa/201710-02"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-0207","description":"The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.","published_date":"2014-07-09T11:07:00Z","modified_date":"2016-11-28T19:10:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","http://marc.info/?l=bugtraq&m=141017844705317&w=2","http://mx.gw.com/pipermail/file/2014/001553.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59794","http://secunia.com/advisories/59831","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-2974","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/68243","https://bugs.php.net/bug.php?id=67326","https://bugzilla.redhat.com/show_bug.cgi?id=1091842","https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-5436","description":"A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.","published_date":"2019-05-28T19:29:00Z","modified_date":"2019-06-09T05:29:00Z","cvss_score":"7.8","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"SINGLE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update curl' to update your 
system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html","http://www.openwall.com/lists/oss-security/2019/09/11/6","https://curl.haxx.se/docs/CVE-2019-5436.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/","https://seclists.org/bugtraq/2020/Feb/36","https://security.gentoo.org/glsa/202003-29","https://security.netapp.com/advisory/ntap-20190606-0004/","https://support.f5.com/csp/article/K55133295","https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS","https://www.debian.org/security/2020/dsa-4633","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"]},"packages":[{"name":"curl","version":"7.61.1","type":"linux"},{"name":"libcurl","version":"7.61.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-4447","description":"The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.","published_date":"2016-06-09T16:59:00Z","modified_date":"2019-03-26T17:12:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.openwall.com/lists/oss-security/2016/05/25/2","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90864","http://www.securitytracker.com/id/1036348","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206899","https://support.apple.com/HT206901","https://support.apple.com/HT206902","https://support.apple.com/HT206903","https://support.apple.com/HT206904","https://support.apple.com/HT206905","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-0495","description":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka 
the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.","published_date":"2018-06-13T23:29:00Z","modified_date":"2019-05-30T18:29:00Z","cvss_score":"4.7","cvss_vector":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","access_vector":"LOCAL","access_complexity":"HIGH","auth":"SINGLE","availability_impact":"NONE","confidentiality_impact":"COMPLETE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update nss' to update your system.\n\nRun 'yum update nss-softokn' to update your system.\n\nRun 'yum update nss-util' to update your system.\n\nRun 'yum update nspr' to update your system.","references":["http://www.securitytracker.com/id/1041144","http://www.securitytracker.com/id/1041147","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237","https://dev.gnupg.org/T4011","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://usn.ubuntu.com/3689-1/","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3692-1/","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.debian.org/security/2018/dsa-4231","https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"]},"packages":[{"name":"nss-softokn","version":"3.44.0","type":"linux"},{"name":"nss","version":"3.44.0","type":"linux"},{"name":"nss-util","version":"3.4
4.0","type":"linux"},{"name":"nss-tools","version":"3.44.0","type":"linux"},{"name":"nss-softokn-freebl","version":"3.44.0","type":"linux"},{"name":"nspr","version":"4.21.0","type":"linux"},{"name":"nss-sysinit","version":"3.44.0","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-18224","description":"idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.","published_date":"2019-10-21T17:15:00Z","modified_date":"2019-10-29T19:15:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libidn2' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420","https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c","https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/","https://seclists.org/bugtraq/2020/Feb/4","https://security.gentoo.org/glsa/202003-63","https://usn.ubuntu.com/4168-1/","https://www.debian.org/security/2020/dsa-4613"]},"packages":[{"name":"libidn2","version":"2.0.4","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3587","description":"Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application 
crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.","published_date":"2014-08-23T01:55:00Z","modified_date":"2018-01-05T02:29:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://php.net/ChangeLog-5.php","http://rhn.redhat.com/errata/RHSA-2014-1326.html","http://rhn.redhat.com/errata/RHSA-2014-1327.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://secunia.com/advisories/60609","http://secunia.com/advisories/60696","http://www.debian.org/security/2014/dsa-3008","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/69325","http://www.ubuntu.com/usn/USN-2344-1","http://www.ubuntu.com/usn/USN-2369-1","https://bugs.php.net/bug.php?id=67716","https://github.com/file/file/commit/0641e56be1af003aa02c7c6b0184466540637233","https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947","https://security-tracker.debian.org/tracker/CVE-2014-3587","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-12020","description":"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and 
verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.","published_date":"2018-06-08T21:29:00Z","modified_date":"2019-10-03T00:03:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"NONE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update gnupg' to update your system.\n\nRun 'yum update gnupg2' to update your system.","references":["http://openwall.com/lists/oss-security/2018/06/08/2","http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html","http://seclists.org/fulldisclosure/2019/Apr/38","http://www.openwall.com/lists/oss-security/2019/04/30/4","http://www.securityfocus.com/bid/104450","http://www.securitytracker.com/id/1041051","https://access.redhat.com/errata/RHSA-2018:2180","https://access.redhat.com/errata/RHSA-2018:2181","https://dev.gnupg.org/T4012","https://github.com/RUB-NDS/Johnny-You-Are-Fired","https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html","https://usn.ubuntu.com/3675-1/","https://usn.ubuntu.com/3675-2/","https://usn.ubuntu.com/3675-3/","https://usn.ubuntu.com/3964-1/","https://www.debian.org/security/2018/dsa-4222","https://www.debian.org/security/2018/dsa-4223","https://www.debian.org/security/2018/dsa-4224"]},"packages":[{"name":"gnupg2","version":"2.0.22","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3710","description":"The donote function in readelf.c in file through 
5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.","published_date":"2014-11-05T11:55:00Z","modified_date":"2018-01-05T02:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d","http://linux.oracle.com/errata/ELSA-2014-1767.html","http://linux.oracle.com/errata/ELSA-2014-1768.html","http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://rhn.redhat.com/errata/RHSA-2014-1767.html","http://rhn.redhat.com/errata/RHSA-2014-1768.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://secunia.com/advisories/60630","http://secunia.com/advisories/60699","http://secunia.com/advisories/61763","http://secunia.com/advisories/61970","http://secunia.com/advisories/61982","http://secunia.com/advisories/62347","http://secunia.com/advisories/62559","http://www.debian.org/security/2014/dsa-3072","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/70807","http://www.securitytracker.com/id/1031344","http://www.ubuntu.com/usn/USN-2391-1","http://
www.ubuntu.com/usn/USN-2494-1","https://bugs.php.net/bug.php?id=68283","https://bugzilla.redhat.com/show_bug.cgi?id=1155071","https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0","https://security.gentoo.org/glsa/201503-03","https://security.gentoo.org/glsa/201701-42","https://support.apple.com/HT204659","https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-7497","description":"Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.","published_date":"2015-12-15T21:59:00Z","modified_date":"2017-09-14T01:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79508","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.redhat.com/show_bug.cgi?id=1281862","https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-5435","description":"An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.","published_date":"2019-05-28T19:29:00Z","modified_date":"2019-06-09T05:29:00Z","cvss_score":"3.7","cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","access_vector":"NETWORK","access_complexity":"HIGH","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update curl' to update your 
system.","references":["https://curl.haxx.se/docs/CVE-2019-5435.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/","https://security.gentoo.org/glsa/202003-29","https://security.netapp.com/advisory/ntap-20190606-0004/","https://support.f5.com/csp/article/K08125515","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"]},"packages":[{"name":"curl","version":"7.61.1","type":"linux"},{"name":"libcurl","version":"7.61.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-4449","description":"XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.","published_date":"2016-06-09T16:59:00Z","modified_date":"2018-01-18T18:18:00Z","cvss_score":"7.1","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://jvn.jp/en/jp/JVN17535578/index.html","http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.openwall.com/lists/oss-security/2016/05/25/2","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90865","http://www.securitytracker.com/id/1036348","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206899","https://support.apple.com/HT206901","https://support.apple.com/HT206902","https://support.apple.com/HT206903","https://support.apple.com/HT206904","https://support.apple.com/HT206905","https://support.cybozu.com/ja-jp/article/9735","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-8241","description":"The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows 
context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.","published_date":"2015-12-15T21:59:00Z","modified_date":"2017-09-14T01:29:00Z","cvss_score":"6.4","cvss_vector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.openwall.com/lists/oss-security/2015/11/17/5","http://www.openwall.com/lists/oss-security/2015/11/18/23","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/77621","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","https://bugzilla.gnome.org/show_bug.cgi?id=756263","https://bugzilla.redhat.com/show_bug.cgi?id=1281936","https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-14404","description":"A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. 
Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.","published_date":"2018-07-19T13:29:00Z","modified_date":"2018-09-28T10:29:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["https://access.redhat.com/errata/RHSA-2019:1543","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817","https://bugzilla.redhat.com/show_bug.cgi?id=1595985","https://gitlab.gnome.org/GNOME/libxml2/issues/10","https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","https://security.netapp.com/advisory/ntap-20190719-0002/","https://usn.ubuntu.com/3739-1/","https://usn.ubuntu.com/3739-2/"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3479","description":"The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.","published_date":"2014-07-09T11:07:00Z","modified_date":"2016-11-28T19:11:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","http://marc.info/?l=bugtraq&m=141017844705317&w=2","http://mx.gw.com/pipermail/file/2014/001553.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59794","http://secunia.com/advisories/59831","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-2974","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/68241","https://bugs.php.net/bug.php?id=67411","https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3480","description":"The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.","published_date":"2014-07-09T11:07:00Z","modified_date":"2016-11-28T19:11:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","http://marc.info/?l=bugtraq&m=141017844705317&w=2","http://mx.gw.com/pipermail/file/2014/001553.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59794","http://secunia.com/advisories/59831","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-2974","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/68238","https://bugs.php.net/bug.php?id=67412","https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-8904","description":"do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.","published_date":"2019-02-18T17:29:00Z","modified_date":"2019-03-26T17:46:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://www.securityfocus.com/bid/107130","https://bugs.astron.com/view.php?id=62","https://usn.ubuntu.com/3911-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-9620","description":"The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of 
notes.","published_date":"2015-01-21T18:59:00Z","modified_date":"2018-06-16T01:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://advisories.mageia.org/MGASA-2015-0040.html","http://mx.gw.com/pipermail/file/2014/001653.html","http://mx.gw.com/pipermail/file/2015/001660.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://www.debian.org/security/2015/dsa-3121","http://www.openwall.com/lists/oss-security/2015/01/17/9","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.securityfocus.com/bid/71715","https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4","https://security.gentoo.org/glsa/201503-08","https://usn.ubuntu.com/3686-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-5953","description":"Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.","published_date":"2019-05-17T16:29:00Z","modified_date":"2019-07-02T23:15:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your 
system.","references":["http://jvn.jp/en/jp/JVN25261088/index.html","https://access.redhat.com/errata/RHSA-2019:2979","https://access.redhat.com/errata/RHSA-2019:3168","https://security.gentoo.org/glsa/201908-19","https://support.f5.com/csp/article/K14560101","https://www.gnu.org/software/wget/"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-4448","description":"Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.","published_date":"2016-06-09T16:59:00Z","modified_date":"2019-12-27T16:08:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.openwall.com/lists/oss-security/2016/05/25/2","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90856","http://www.securitytracker.com/id/1036348","http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla
.redhat.com/show_bug.cgi?id=1338700","https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9","https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206899","https://support.apple.com/HT206901","https://support.apple.com/HT206902","https://support.apple.com/HT206903","https://support.apple.com/HT206904","https://support.apple.com/HT206905","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1838","description":"The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:26:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugs.chromium.org/p/project-zero/issues/detail?id=639","https://bugzilla.gnome.org/show_bug.cgi?id=758588","https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-4877","description":"Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a 
symlink.","published_date":"2014-10-29T10:55:00Z","modified_date":"2017-02-17T02:59:00Z","cvss_score":"9.3","cvss_vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://advisories.mageia.org/MGASA-2014-0431.html","http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7","http://git.savannah.gnu.org/cgit/wget.git/commit/?id=b4440d96cf8173d68ecaa07c36b8f4316ee794d0","http://lists.gnu.org/archive/html/bug-wget/2014-10/msg00150.html","http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00009.html","http://lists.opensuse.org/opensuse-updates/2014-11/msg00026.html","http://rhn.redhat.com/errata/RHSA-2014-1764.html","http://rhn.redhat.com/errata/RHSA-2014-1955.html","http://security.gentoo.org/glsa/glsa-201411-05.xml","http://www.debian.org/security/2014/dsa-3062","http://www.kb.cert.org/vuls/id/685996","http://www.mandriva.com/security/advisories?name=MDVSA-2015:121","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.securityfocus.com/bid/70751","http://www.ubuntu.com/usn/USN-2393-1","https://bugzilla.redhat.com/show_bug.cgi?id=1139181","https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access","https://github.com/rapid7/metasploit-framework/pull/4088","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","https://kc.mcafee.com/corporate/index?page=content&id=SB10106"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-9621"
,"description":"The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.","published_date":"2015-01-21T18:59:00Z","modified_date":"2018-06-16T01:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://advisories.mageia.org/MGASA-2015-0040.html","http://mx.gw.com/pipermail/file/2014/001654.html","http://mx.gw.com/pipermail/file/2015/001660.html","http://www.openwall.com/lists/oss-security/2015/01/17/9","https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c","https://security.gentoo.org/glsa/201503-08","https://usn.ubuntu.com/3686-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1840","description":"Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:27:00Z","cvss_score":"7.8","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=757711","https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-5729","description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database 
module.","published_date":"2018-03-06T20:29:00Z","modified_date":"2020-01-21T15:47:00Z","cvss_score":"4.7","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","access_vector":"NETWORK","access_complexity":"LOW","auth":"MULTIPLE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update krb5' to update your system.","references":["http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551083","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"]},"packages":[{"name":"krb5-libs","version":"1.15.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1835","description":"Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2018-01-05T02:30:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90696","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=759020","https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-3705","description":"The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.","published_date":"2016-05-17T14:08:00Z","modified_date":"2018-10-30T16:27:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html","http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://seclists.org/fulldisclosure/2016/May/10","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/89854","http://www.ubuntu.com/usn/USN-2994-1","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=765207","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-12404","description":"A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.","published_date":"2019-05-02T17:29:00Z","modified_date":"2019-07-20T12:15:00Z","cvss_score":"5.9","cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","access_vector":"NETWORK","access_complexity":"HIGH","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"COMPLETE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update nss' to update your system.\n\nRun 'yum update nss-softokn' to update your system.\n\nRun 'yum update nss-util' to update your system.\n\nRun 'yum update nspr' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","http://www.securityfocus.com/bid/107260","https://access.redhat.com/errata/RHSA-2019:2237","https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"]},"packages":[{"name":"nss-softokn","version":"3.44.0","type":"linux"},{"name":"nss","version":"3.44.0","type":"linux"},{"name":"nss-util","version":"3.44.0","type":"linux"},{"name":"nss-tools","version":"3.44.0","type":"linux"},{"name":"nss-softokn-freebl","version":"3.44.0","type":"linux"},{"name":"nspr","version":"4.21.0","type":"linux"},{"name":"nss-sysinit","version":"3.44.0","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3478","description":"Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING 
conversion.","published_date":"2014-07-09T11:07:00Z","modified_date":"2016-11-28T19:11:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html","http://marc.info/?l=bugtraq&m=141017844705317&w=2","http://mx.gw.com/pipermail/file/2014/001553.html","http://rhn.redhat.com/errata/RHSA-2014-1327.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59794","http://secunia.com/advisories/59831","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-2974","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/68239","https://bugs.php.net/bug.php?id=67410","https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1839","description":"The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML 
document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:27:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.securitytracker.com/id/1038623","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=758605","https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-18218","description":"cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which 
allows a heap-based buffer overflow (4-byte out-of-bounds write).","published_date":"2019-10-21T05:15:00Z","modified_date":"2019-10-26T11:15:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780","https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84","https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/","https://security.gentoo.org/glsa/202003-24","https://security.netapp.com/advisory/ntap-20200115-0001/","https://usn.ubuntu.com/4172-1/","https://usn.ubuntu.com/4172-2/","https://www.debian.org/security/2019/dsa-4550"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-0238","description":"The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too 
long.","published_date":"2014-06-01T04:29:00Z","modified_date":"2017-01-07T02:59:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://secunia.com/advisories/59061","http://secunia.com/advisories/59329","http://secunia.com/advisories/59418","http://secunia.com/advisories/60998","http://support.apple.com/kb/HT6443","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.php.net/ChangeLog-5.php","http://www.securityfocus.com/bid/67765","http://www-01.ibm.com/support/docview.wss?uid=swg21683486","https://bugs.php.net/bug.php?id=67327","https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-8906","description":"do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.","published_date":"2019-02-18T17:29:00Z","modified_date":"2019-04-16T16:01:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your 
system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html","https://bugs.astron.com/view.php?id=64","https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f","https://support.apple.com/kb/HT209599","https://support.apple.com/kb/HT209600","https://support.apple.com/kb/HT209601","https://support.apple.com/kb/HT209602","https://usn.ubuntu.com/3911-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-5730","description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.","published_date":"2018-03-06T20:29:00Z","modified_date":"2020-01-21T15:47:00Z","cvss_score":"3.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"MULTIPLE","availability_impact":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update krb5' to update your 
system.","references":["http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551082","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"]},"packages":[{"name":"krb5-libs","version":"1.15.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-11745","description":"When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.","published_date":"2020-01-08T20:15:00Z","modified_date":"2020-01-16T19:15:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update nss' to update your system.\n\nRun 'yum update nss-softokn' to update your system.\n\nRun 'yum update nss-util' to update your system.\n\nRun 'yum update nspr' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html","https://access.redhat.com/errata/RHSA-2020:0243","https://access.redhat.com/errata/RHSA-2020:0466","https://bugzilla.mozilla.org/show_bug.cgi?id=1586176","https://security.gentoo.org/glsa/202003-02","https://security.gentoo.org/glsa/202003-10","https://security.gentoo.org/glsa/202003-37","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.mozilla.org/security/advisories/mfsa2019-36/","https://www.mozilla.org/security/advisories/mfsa2019-37/","https://www.mozilla.org/security/advisories/mfsa2019-38/"]},"packages":[{"name":"nss-softokn","version":"3.44.0","type":"linux"},{"name":"nss","version":"3.44.0","type":"linux"},{"name":"nss-util","version":"3.44.0","type":"linux"},{"name":"nss-tools","version":"3.44.0","type":"linux"},{"name":"nss-softokn-freebl","version":"3.44.0","type":"linux"},{"name":"nspr","version":"4.21.0","type":"linux"},{"name":"nss-sysinit","version":"3.44.0","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-4971","description":"GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP 
resource.","published_date":"2016-06-30T17:59:00Z","modified_date":"2018-01-05T02:30:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1","http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html","http://lists.opensuse.org/opensuse-updates/2016-08/msg00043.html","http://rhn.redhat.com/errata/RHSA-2016-2587.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/91530","http://www.securitytracker.com/id/1036133","http://www.ubuntu.com/usn/USN-3012-1","https://bugzilla.redhat.com/show_bug.cgi?id=1343666","https://security.gentoo.org/glsa/201610-11","https://security.paloaltonetworks.com/CVE-2016-4971","https://www.exploit-db.com/exploits/40064/"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-0718","description":"Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.","published_date":"2016-05-26T16:59:00Z","modified_date":"2018-11-16T16:44:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update expat' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html","http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html","http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html","http://rhn.redhat.com/errata/RHSA-2016-2824.html","http://seclists.org/fulldisclosure/2017/Feb/68","http://support.eset.com/ca6333/","http://www.debian.org/security/2016/dsa-3582","http://www.mozilla.org/security/announce/2016/mfsa2016-68.html","http://www.openwall.com/lists/oss-security/2016/05/17/12","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.securityfocus.com/bid/90729","http://www.securitytracker.com/id/1036348","http://www.securitytracker.com/id/1036415","http://www.securitytracker.com/id/1037705","http://www.ubuntu.com/usn/USN-2983-1","http://www.ubuntu.com/usn/USN-3044-1","https://access.redhat.com/errata/RHSA-2018:2486","https://bugzilla.mozilla.org/show_bug.cgi?id=1236923","https://bugzilla.redhat.com/show_bug.cgi?id=1296102","https://security.gentoo.org/glsa/201701-21","https://source.android.com/security/bulletin/2016-11-01.html","https://support.apple.com/HT206903","https://www.tenable.com/security/tns-2016-20"]},"packages":[{"name":"expat","version":"2.1.0","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1836","description":"Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS 
before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:25:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html","http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=759398","https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT20656
4","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://support.apple.com/HT206899","https://support.apple.com/HT206901","https://support.apple.com/HT206902","https://support.apple.com/HT206903","https://support.apple.com/HT206904","https://support.apple.com/HT206905","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-8317","description":"The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.","published_date":"2015-12-15T21:59:00Z","modified_date":"2017-09-14T01:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html","http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.openwall.com/lists/oss-security/2015/11/21/1","http://www.openwall.com/lists/oss-security/2015/11/22/3","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/77681","http://www.securityfocus.com/bid/91826","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html","https://bugzilla.gnome.org/show_bug.cgi?id=751603","https://bugzilla.gnome.org/show_bug.cgi?id=751631","https://bugzilla.redhat.com/show_bug.cgi?id=1281930","https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e","https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://support.apple.com/HT206899","https://support.apple.com/HT206901","https://support.apple.com/HT206902","https://support.apple.com/HT206903","https://support.apple.com/HT206904","https://support.apple.com/HT206905"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve
":"CVE-2015-7498","description":"Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.","published_date":"2015-12-15T21:59:00Z","modified_date":"2017-09-14T01:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79548","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.redhat.com/show_bug.cgi?id=1281879","https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1834","description":"Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted 
XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:24:00Z","cvss_score":"7.8","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=763071","https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-9234","description":"GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing 
subkey.","published_date":"2018-04-04T00:29:00Z","modified_date":"2019-02-27T19:37:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"COMPLETE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update gnupg2' to update your system.","references":["https://dev.gnupg.org/T3844","https://usn.ubuntu.com/3675-1/"]},"packages":[{"name":"gnupg2","version":"2.0.22","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2017-13089","description":"The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). 
As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.","published_date":"2017-10-27T19:29:00Z","modified_date":"2017-12-30T02:29:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f","http://www.debian.org/security/2017/dsa-4008","http://www.securityfocus.com/bid/101592","http://www.securitytracker.com/id/1039661","https://access.redhat.com/errata/RHSA-2017:3075","https://github.com/r1b/CVE-2017-13089","https://security.gentoo.org/glsa/201711-06","https://www.synology.com/support/security/Synology_SA_17_62_Wget","https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-4617","description":"The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.","published_date":"2014-06-25T11:19:00Z","modified_date":"2018-10-30T16:27:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update gnupg2' to update your 
system.","references":["http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342","http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a","http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html","http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html","http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html","http://secunia.com/advisories/59213","http://secunia.com/advisories/59351","http://secunia.com/advisories/59534","http://secunia.com/advisories/59578","http://www.debian.org/security/2014/dsa-2967","http://www.debian.org/security/2014/dsa-2968","http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","http://www.ubuntu.com/usn/USN-2258-1"]},"packages":[{"name":"gnupg2","version":"2.0.22","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-3538","description":"file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.","published_date":"2014-07-03T14:55:00Z","modified_date":"2018-01-05T02:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html","http://mx.gw.com/pipermail/file/2014/001553.html","http://openwall.com/lists/oss-security/2014/06/30/7","http://rhn.redhat.com/errata/RHSA-2014-1327.html","http://rhn.redhat.com/errata/RHSA-2014-1765.html","http://rhn.redhat.com/errata/RHSA-2014-1766.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://secunia.com/advisories/60696","http://www.debian.org/security/2014/dsa-3008","http://www.debian.org/security/2014/dsa-3021","http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/68348","https://bugzilla.redhat.com/show_bug.cgi?id=1098222","https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320","https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610","https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668","https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3","https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991","https://support.apple.com/HT204659"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-9653","description":"readelf.c in file before 5.22, as 
used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.","published_date":"2015-03-30T10:59:00Z","modified_date":"2018-06-16T01:29:00Z","cvss_score":"7.5","cvss_vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://bugs.gw.com/view.php?id=409","http://marc.info/?l=bugtraq&m=143748090628601&w=2","http://marc.info/?l=bugtraq&m=144050155601375&w=2","http://mx.gw.com/pipermail/file/2014/001649.html","http://openwall.com/lists/oss-security/2015/02/05/13","http://php.net/ChangeLog-5.php","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://www.debian.org/security/2015/dsa-3196","http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/72516","https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f","https://security.gentoo.org/glsa/201701-42","https://usn.ubuntu.com/3686-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-7942","description":"The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than 
CVE-2015-7941.","published_date":"2015-11-18T16:59:00Z","modified_date":"2019-03-08T16:06:00Z","cvss_score":"6.8","cvss_vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.openwall.com/lists/oss-security/2015/10/22/5","http://www.openwall.com/lists/oss-security/2015/10/22/8","http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79507","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2812-1","http://xmlsoft.org/news.html","https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8","https://bugzilla.gnome.org/show_bug.cgi?id=756456","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206166","https
://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2018-0494","description":"GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \\r\\n sequence in a continuation line.","published_date":"2018-05-06T22:29:00Z","modified_date":"2019-03-15T01:22:00Z","cvss_score":"6.5","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"NONE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://www.securityfocus.com/bid/104129","http://www.securitytracker.com/id/1040838","https://access.redhat.com/errata/RHSA-2018:3052","https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd","https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html","https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html","https://savannah.gnu.org/bugs/?53763","https://security.gentoo.org/glsa/201806-01","https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt","https://usn.ubuntu.com/3643-1/","https://usn.ubuntu.com/3643-2/","https://www.debian.org/security/2018/dsa-4195","https://www.exploit-db.com/exploits/44601/"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-8907","description":"do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other 
impact.","published_date":"2019-02-18T17:29:00Z","modified_date":"2019-04-12T12:29:00Z","cvss_score":"8.8","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00053.html","https://bugs.astron.com/view.php?id=65","https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html","https://usn.ubuntu.com/3911-1/"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2017-6508","description":"CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL.","published_date":"2017-03-07T08:59:00Z","modified_date":"2017-07-01T01:30:00Z","cvss_score":"6.1","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update wget' to update your system.","references":["http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4","http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html","http://www.securityfocus.com/bid/96877","https://security.gentoo.org/glsa/201706-16"]},"packages":[{"name":"wget","version":"1.14","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1833","description":"The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers 
to cause a denial of service (heap-based buffer over-read) via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:22:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugs.chromium.org/p/project-zero/issues/detail?id=636","https://bugzilla.gnome.org/show_bug.cgi?id=758606","https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2019-5482","description":"Heap buffer overflow in the TFTP protocol handler in cURL 
7.19.4 to 7.65.3.","published_date":"2019-09-16T19:15:00Z","modified_date":"2019-09-18T00:15:00Z","cvss_score":"9.8","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE","cwe":"","cpe":[],"remediation":"Run 'yum update curl' to update your system.","references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html","https://curl.haxx.se/docs/CVE-2019-5482.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/","https://seclists.org/bugtraq/2020/Feb/36","https://security.gentoo.org/glsa/202003-29","https://security.netapp.com/advisory/ntap-20191004-0003/","https://security.netapp.com/advisory/ntap-20200416-0003/","https://www.debian.org/security/2020/dsa-4633","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html"]},"packages":[{"name":"curl","version":"7.61.1","type":"linux"},{"name":"libcurl","version":"7.61.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-8242","description":"The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML 
data.","published_date":"2015-12-15T21:59:00Z","modified_date":"2019-03-08T16:06:00Z","cvss_score":"5.8","cvss_vector":"AV:N/AC:M/Au:N/C:P/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.openwall.com/lists/oss-security/2015/11/17/5","http://www.openwall.com/lists/oss-security/2015/11/18/23","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/77681","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.gnome.org/show_bug.cgi?id=756372","https://bugzilla.redhat.com/show_bug.cgi?id=1281950","https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","ve
rsion":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-7499","description":"Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.","published_date":"2015-12-15T21:59:00Z","modified_date":"2019-03-19T01:04:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79509","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.redhat.com/show_bug.cgi?id=1281925","https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc","https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/H
T206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2020-7212","description":"The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).","published_date":"2020-03-06T20:15:00Z","modified_date":"2020-03-09T16:55:00Z","cvss_score":"7.5","cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"","references":["https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-559452","https://github.com/urllib3/urllib3/blob/master/CHANGES.rst","https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a","https://pypi.org/project/urllib3/1.25.8/"]},"packages":[{"name":"urllib3","version":"1.25.6","type":"python"}]},{"nvdFinding":{"cve":"CVE-2015-7941","description":"libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated 
entities.","published_date":"2015-11-18T16:59:00Z","modified_date":"2017-09-14T01:29:00Z","cvss_score":"4.3","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.openwall.com/lists/oss-security/2015/10/22/5","http://www.openwall.com/lists/oss-security/2015/10/22/8","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/74241","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2812-1","http://xmlsoft.org/news.html","https://bugzilla.gnome.org/show_bug.cgi?id=744980","https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489","https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1762","description":"The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service 
(heap-based buffer over-read) via a crafted XML document.","published_date":"2016-03-24T01:59:00Z","modified_date":"2019-03-26T17:11:00Z","cvss_score":"8.1","cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/85059","http://www.securitytracker.com/id/1035353","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=759671","https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169","https://support.apple.com/HT206171","https://www.debian.org/security/2016/dsa-3593"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-1819","description":"The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) 
attack.","published_date":"2015-08-14T18:59:00Z","modified_date":"2019-12-27T16:08:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://rhn.redhat.com/errata/RHSA-2015-1419.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/75570","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2812-1","http://xmlsoft.org/news.html","https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9","https://security.gentoo.org/glsa/201507-08","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-1606","description":"The keyring DB in GnuPG before 2.1.2 does not properly handle invalid 
packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.","published_date":"2019-11-20T19:15:00Z","modified_date":"2019-11-22T16:33:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update gnupg2' to update your system.","references":["http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648","http://www.debian.org/security/2015/dsa-3184","http://www.openwall.com/lists/oss-security/2015/02/13/14","http://www.openwall.com/lists/oss-security/2015/02/14/6","http://www.securitytracker.com/id/1031876","https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html"]},"packages":[{"name":"gnupg2","version":"2.0.22","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2016-1837","description":"Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.","published_date":"2016-05-20T10:59:00Z","modified_date":"2019-03-25T17:26:00Z","cvss_score":"5.5","cvss_vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your 
system.","references":["http://lists.apple.com/archives/security-announce/2016/May/msg00001.html","http://lists.apple.com/archives/security-announce/2016/May/msg00002.html","http://lists.apple.com/archives/security-announce/2016/May/msg00003.html","http://lists.apple.com/archives/security-announce/2016/May/msg00004.html","http://rhn.redhat.com/errata/RHSA-2016-2957.html","http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","http://www.securityfocus.com/bid/90691","http://www.securitytracker.com/id/1035890","http://www.ubuntu.com/usn/USN-2994-1","http://xmlsoft.org/news.html","https://access.redhat.com/errata/RHSA-2016:1292","https://bugzilla.gnome.org/show_bug.cgi?id=760263","https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852","https://kc.mcafee.com/corporate/index?page=content&id=SB10170","https://support.apple.com/HT206564","https://support.apple.com/HT206566","https://support.apple.com/HT206567","https://support.apple.com/HT206568","https://www.debian.org/security/2016/dsa-3593","https://www.tenable.com/security/tns-2016-18"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-5312","description":"The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than 
CVE-2014-3660.","published_date":"2015-12-15T21:59:00Z","modified_date":"2019-03-08T16:06:00Z","cvss_score":"7.1","cvss_vector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","access_vector":"NETWORK","access_complexity":"MEDIUM","auth":"NONE","availability_impact":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79536","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.redhat.com/show_bug.cgi?id=1276693","https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-0247","description":"Heap-based buffer overflow in 
openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.","published_date":"2015-02-17T15:59:00Z","modified_date":"2018-10-09T19:55:00Z","cvss_score":"4.6","cvss_vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","access_vector":"LOCAL","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL","cwe":"","cpe":[],"remediation":"Run 'yum update e2fsprogs' to update your system.","references":["http://advisories.mageia.org/MGASA-2015-0061.html","http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4","http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149434.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150606.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150805.html","http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00019.html","http://lists.opensuse.org/opensuse-updates/2015-06/msg00010.html","http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html","http://www.debian.org/security/2015/dsa-3166","http://www.mandriva.com/security/advisories?name=MDVSA-2015:045","http://www.mandriva.com/security/advisories?name=MDVSA-2015:067","http://www.ocert.org/advisories/ocert-2015-002.html","http://www.securityfocus.com/archive/1/534633/100/0/threaded","http://www.securityfocus.com/bid/72520","http://www.ubuntu.com/usn/USN-2507-1","https://bugzilla.redhat.com/show_bug.cgi?id=1187032","https://exchange.xforce.ibmcloud.com/vulnerabilities/100740","https://security.gentoo.org/glsa/201701-06"]},"packages":[{"name":"libcom_err","version":"1.42.9","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2015-7500","description":"The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified 
vectors related to incorrect entities boundaries and start tags.","published_date":"2015-12-15T21:59:00Z","modified_date":"2019-03-08T16:06:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update libxml2' to update your system.","references":["http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","http://marc.info/?l=bugtraq&m=145382616617563&w=2","http://rhn.redhat.com/errata/RHSA-2015-2549.html","http://rhn.redhat.com/errata/RHSA-2015-2550.html","http://rhn.redhat.com/errata/RHSA-2016-1089.html","http://www.debian.org/security/2015/dsa-3430","http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/79562","http://www.securitytracker.com/id/1034243","http://www.ubuntu.com/usn/USN-2834-1","http://xmlsoft.org/news.html","https://bugzilla.redhat.com/show_bug.cgi?id=1281943","https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f","https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","https://security.gentoo.org/glsa/201701-37","https://support.apple.com/HT206166","https://support.apple.com/HT206167","https://support.apple.com/HT206168","https://support.apple.com/HT206169"]},"packages":[{"name":"libxml2","version":"2.9.1","type":"linux"}]},{"nvdFinding":{"cve":"CVE-2014-8116"
,"description":"The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.","published_date":"2014-12-17T19:59:00Z","modified_date":"2018-01-05T02:29:00Z","cvss_score":"5.0","cvss_vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","access_vector":"NETWORK","access_complexity":"LOW","auth":"NONE","availability_impact":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE","cwe":"","cpe":[],"remediation":"Run 'yum update file' to update your system.","references":["http://advisories.mageia.org/MGASA-2015-0040.html","http://rhn.redhat.com/errata/RHSA-2016-0760.html","http://seclists.org/oss-sec/2014/q4/1056","http://secunia.com/advisories/61944","http://secunia.com/advisories/62081","http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","http://www.securityfocus.com/bid/71700","http://www.securitytracker.com/id/1031344","http://www.ubuntu.com/usn/USN-2494-1","https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog","https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8","https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6","https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"]},"packages":[{"name":"file-libs","version":"5.11","type":"linux"}]}],"os_version":"2","created_at":"2020-02-25T08:29:35.636Z","installed_packages":[{"name":"curl","version":"7.61.1","type":"linux"},{"name":"openssl-libs","version":"1.0.2k","type":"linux"},{"name":"libnghttp2","version":"1.39.2","type":"linux"},{"name":"libassuan","version":"2.1.0","type":"linux"},{"name":"unzip","version":"6.0","type":"linux"},{"name":"zlib","version":"1.2.7","type":"linux"},{"name":"ncurses","version":"6.0","type":"linux"},{"name":"libattr","version":"2.
4.46","type":"linux"},{"name":"libsepol","version":"2.5","type":"linux"},{"name":"libcrypt","version":"2.26","type":"linux"},{"name":"info","version":"5.1","type":"linux"},{"name":"pinentry","version":"0.8.1","type":"linux"},{"name":"yum-plugin-ovl","version":"1.1.31","type":"linux"},{"name":"wget","version":"1.14","type":"linux"},{"name":"libxml2","version":"2.9.1","type":"linux"},{"name":"gpg-pubkey","version":"c87f5b1a","type":"linux"},{"name":"setup","version":"2.8.71","type":"linux"},{"name":"botocore","version":"1.13.9","type":"python","license":"Apache License 2.0"},{"name":"ncurses-base","version":"6.0","type":"linux"},{"name":"python-libs","version":"2.7.16","type":"linux"},{"name":"filesystem","version":"3.2","type":"linux"},{"name":"pyliblzma","version":"0.5.3","type":"linux"},{"name":"nss-softokn","version":"3.44.0","type":"linux"},{"name":"pyxattr","version":"0.5.1","type":"linux"},{"name":"gawk","version":"4.0.2","type":"linux"},{"name":"setuptools","version":"41.6.0","type":"python","license":"UNKNOWN"},{"name":"rpm-libs","version":"4.11.3","type":"linux"},{"name":"krb5-libs","version":"1.15.1","type":"linux"},{"name":"pcre","version":"8.32","type":"linux"},{"name":"xz-libs","version":"5.2.2","type":"linux"},{"name":"libverto","version":"0.2.5","type":"linux"},{"name":"chkconfig","version":"1.7.4","type":"linux"},{"name":"vim-minimal","version":"8.1.1602","type":"linux"},{"name":"lua","version":"5.1.4","type":"linux"},{"name":"amazon-linux-extras","version":"1.6.9","type":"linux"},{"name":"yum-metadata-parser","version":"1.1.4","type":"linux"},{"name":"libgcrypt","version":"1.5.3","type":"linux"},{"name":"cyrus-sasl-lib","version":"2.1.26","type":"linux"},{"name":"libmetalink","version":"0.1.2","type":"linux"},{"name":"bzip2-libs","version":"1.0.6","type":"linux"},{"name":"libdb-utils","version":"5.3.21","type":"linux"},{"name":"python-urlgrabber","version":"3.10","type":"linux"},{"name":"system-release","version":"2","type":"linux"},{"name":"glibc-mi
nimal-langpack","version":"2.26","type":"linux"},{"name":"readline","version":"6.2","type":"linux"},{"name":"freetype","version":"2.4.11","type":"linux"},{"name":"tar","version":"1.26","type":"linux"},{"name":"fontpackages-filesystem","version":"1.44","type":"linux"},{"name":"java-11-amazon-corretto-devel","version":"11.0.5.10","type":"linux"},{"name":"nss-pem","version":"1.0.3","type":"linux"},{"name":"glibc-common","version":"2.26","type":"linux"},{"name":"bash","version":"4.2.46","type":"linux"},{"name":"libblkid","version":"2.30.2","type":"linux"},{"name":"grep","version":"2.20","type":"linux"},{"name":"nss","version":"3.44.0","type":"linux"},{"name":"urllib3","version":"1.25.6","type":"python","license":"MIT"},{"name":"libidn2","version":"2.0.4","type":"linux"},{"name":"yum","version":"3.4.3","type":"linux"},{"name":"tzdata","version":"2019b","type":"linux"},{"name":"p11-kit-trust","version":"0.23.5","type":"linux"},{"name":"p11-kit","version":"0.23.5","type":"linux"},{"name":"nss-util","version":"3.44.0","type":"linux"},{"name":"fontconfig","version":"2.10.95","type":"linux"},{"name":"python-dateutil","version":"2.8.0","type":"python","license":"Dual 
License"},{"name":"python-iniparse","version":"0.4","type":"linux"},{"name":"gmp","version":"6.0.0","type":"linux"},{"name":"wheel","version":"0.33.6","type":"python","license":"MIT"},{"name":"sqlite","version":"3.7.17","type":"linux"},{"name":"libacl","version":"2.2.51","type":"linux"},{"name":"gdbm","version":"1.13","type":"linux"},{"name":"ca-certificates","version":"2018.2.22","type":"linux"},{"name":"popt","version":"1.13","type":"linux"},{"name":"glibc","version":"2.26","type":"linux"},{"name":"libssh2","version":"1.4.3","type":"linux"},{"name":"diffutils","version":"3.3","type":"linux"},{"name":"rpm","version":"4.11.3","type":"linux"},{"name":"python","version":"2.7.16","type":"linux"},{"name":"jmespath","version":"0.9.4","type":"python","license":"MIT"},{"name":"coreutils","version":"8.22","type":"linux"},{"name":"libffi","version":"3.0.13","type":"linux"},{"name":"keyutils-libs","version":"1.5.8","type":"linux"},{"name":"glib2","version":"2.56.1","type":"linux"},{"name":"basesystem","version":"10.0","type":"linux"},{"name":"six","version":"1.12.0","type":"python","license":"MIT"},{"name":"nss-tools","version":"3.44.0","type":"linux"},{"name":"file-libs","version":"5.11","type":"linux"},{"name":"libcurl","version":"7.61.1","type":"linux"},{"name":"gzip","version":"1.5","type":"linux"},{"name":"rsa","version":"3.4.2","type":"python","license":"ASL 2"},{"name":"pip","version":"19.3.1","type":"python","license":"MIT"},{"name":"gpgme","version":"1.3.2","type":"linux"},{"name":"expat","version":"2.1.0","type":"linux"},{"name":"s3transfer","version":"0.2.1","type":"python","license":"Apache License 2.0"},{"name":"libcap","version":"2.22","type":"linux"},{"name":"libmount","version":"2.30.2","type":"linux"},{"name":"libgpg-error","version":"1.12","type":"linux"},{"name":"gnupg2","version":"2.0.22","type":"linux"},{"name":"futures","version":"3.3.0","type":"python","license":"PSF"},{"name":"awscli","version":"1.16.273","type":"python","license":"Apache License 
2.0"},{"name":"openldap","version":"2.4.44","type":"linux"},{"name":"elfutils-libelf","version":"0.170","type":"linux"},{"name":"ncurses-libs","version":"6.0","type":"linux"},{"name":"pth","version":"2.0.7","type":"linux"},{"name":"libselinux","version":"2.5","type":"linux"},{"name":"pyasn1","version":"0.4.7","type":"python","license":"BSD"},{"name":"colorama","version":"0.4.1","type":"python","license":"BSD"},{"name":"rpm-build-libs","version":"4.11.3","type":"linux"},{"name":"libdb","version":"5.3.21","type":"linux"},{"name":"gpg-pubkey","version":"209ddbc0","type":"linux"},{"name":"libgcc","version":"7.3.1","type":"linux"},{"name":"findutils","version":"4.5.11","type":"linux"},{"name":"libunistring","version":"0.9.3","type":"linux"},{"name":"cpio","version":"2.11","type":"linux"},{"name":"docutils","version":"0.15.2","type":"python","license":"public domain, Python, 2-Clause BSD, GPL 3 (see COPYING.txt)"},{"name":"libuuid","version":"2.30.2","type":"linux"},{"name":"libcom_err","version":"1.42.9","type":"linux"},{"name":"python-pycurl","version":"7.19.0","type":"linux"},{"name":"yum-plugin-priorities","version":"1.1.31","type":"linux"},{"name":"pygpgme","version":"0.3","type":"linux"},{"name":"shared-mime-info","version":"1.8","type":"linux"},{"name":"nss-softokn-freebl","version":"3.44.0","type":"linux"},{"name":"libidn","version":"1.28","type":"linux"},{"name":"stix-fonts","version":"1.1.0","type":"linux"},{"name":"glibc-langpack-en","version":"2.26","type":"linux"},{"name":"libstdc++","version":"7.3.1","type":"linux"},{"name":"libtasn1","version":"4.10","type":"linux"},{"name":"sed","version":"4.2.2","type":"linux"},{"name":"nspr","version":"4.21.0","type":"linux"},{"name":"nss-sysinit","version":"3.44.0","type":"linux"},{"name":"rpm-python","version":"4.11.3","type":"linux"}],"platform":"docker","image_name":"amazoncorretto-11","updated_at":"2020-05-05T00:17:14.940Z","digest":"89c5a7eecd2dbde1237aa128f987c4434e43cbeae203c16693a06e66c3d39554","tag":"latest","p
otentially_unwanted_programs":[],"docker_image_id":"d897bd64f733","os_architecture":"AMD64"}